SecurityAnalystTasks

SecurityAnalystTasks This repository contains hands-on cyberse...

SQLi_AI_defence

SQLiAIdefence A small model ba...

PT-2026-3063

Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.2 Description An unauthenticated user can execute SQL injection attacks through the inventory endpoint. The issue affects GLPI versions 11.0.0 through 11.0.2. The vulnerable endpoint is /inventory. The attack...

CVE-2025-15408

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing a manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publi...

CVE-2026-0569

The CVE-2026-0569 entry concerns code-projects Online Music Site 1.0. Affected component: /Frontend/AlbumByCategory.php, where manipulation of the ID argument enables SQL injection. This vulnerability can be exploited remotely and, per the sources, the exploit has been disclosed publicly. Connect...

CVE-2026-0568

The CVE affects code-projects Online Music Site 1.0, specifically the /Frontend/ViewSongs.php file where manipulation of the ID parameter enables SQL injection. This allows remote exploitation, and an exploit has been published. Root cause is unsanitized/incorrect handling of the ID argument in a...

CVE-2026-0567

The CVE-2026-0567 entry affects code-projects Content Management System 1.0. The vulnerability is in the /pages.php file, where manipulating the ID argument causes a SQL injection. It can be exploited remotely and an exploit is publicly available. Connected advisories corroborate a remote SQL inj...

CVE-2025-15435

CVE-2025-15435 affects Yonyou KSOA 9.0. The vulnerability is an SQL injection in an unknown functionality of file /worksheet/work_update.jsp, triggered by manipulating the Report argument. The attack can be initiated remotely and an exploit has been published; vendor response is not provided. Con...

CVE-2025-15434

Summary: CVE-2025-15434 affects Yonyou KSOA 9.0 via an SQL injection in an unknown function of the file /kp/PrintZPYG.jsp, caused by manipulating the zpjhid parameter. Reports indicate remote exploitation with the exploit publicly available. Multiple sources (NVD, Red Hat, CVE list, CNNVD, ENISA,...

CVE-2025-15421 Yonyou KSOA HTTP GET Parameter agent_worksadd.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agentworksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now publ...

PT-2026-1116

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A flaw exists in code-projects Online Music Site 1.0 where manipulation of the fname argument in the /Frontend/Feedback.php file can lead to SQL injection. This issue can be exploited...

CVE-2025-65125

CVE-2025-65125 affects gosaliajainam/online-movie-booking version 5.5, where a SQL injection in movie_details.php can disclose sensitive information. The vulnerability is labeled as high-severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9.8). Exploitation is network-based with n...

Yonyou KSOA SQL注入漏洞

Yonyou KSOA is an enterprise management software from China's UFIDA Yonyou company. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which stems from incorrect manipulation of the parameter ID in the file /worksheet/deluser.jsp, which could lead to a SQL injection attack...

QNAP Systems Hyper Data Protector SQL注入漏洞

QNAP Systems Hyper Data Protector is a one-stop backup software from Taiwan, China-based QNAP Systems. QNAP Systems Hyper Data Protector suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks that could result in the execution of unauthorized code or...

PT-2026-1099

Name of the Vulnerable Software and Affected Versions MARS Multi-Application Recovery Service versions prior to 1.2.1.1686 Description An SQL injection issue affects MARS Multi-Application Recovery Service. Successful exploitation could allow remote attackers to execute unauthorized code or...

CVE-2025-15410

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available a...

CVE-2025-15409

CVE-2025-15409 affects code-projects Online Guitar Store 1.0. The vulnerability is an SQL injection in /admin/Delete_product.php via manipulation of the del_pro parameter, exploitable remotely. Public disclosures exist. Impact includes potential disclosure/integrity/availability harm as per CVSS ...

CVE-2025-55065

CVE-2025-55065 is a SQL injection flaw (CWE-89) caused by improper neutralization of special elements in SQL commands. Connected sources reference Kopek Reem ReKord Client and general SQLi impact; no concrete affected versions or patches are specified in the provided documents. Exploitation detai...

CVE-2025-55065

CWE-89 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...

EUVD-2026-0011

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...